July 16, 2001-- Newsletter #139
Goodies to Go (tm)
This newsletter is part of the internet.com network.
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
Did you hear...
CBS is trying that Big Brother show again. It premiered Thursday, July 5th. I watched it. I'd like to say I felt any connections with any of the characters but I didn't. The show is fully aimed at a younger audience than me. Yes, they threw in two older people but they are only sacrificial lambs. They'll be voted off straight away and then the show will be all young people. The thing that has the Web community upset is that this time around you are going to have to pay for the ability to watch the Internet feeds coming from the house. Chat room posts, even on the CBS chat rooms, are rather nasty. I think we may see CBS reverse their pay-for thought process if the show begins to take a ratings dive.
If you're looking for a getaway, hit a few Web travel sites and check out the prices. Apparently travel is down and airlines are looking to fill seats. Deals are great too. Southwest is offering a coast-to-coast trip for under $200. I'll bet a few restrictions apply. The drop in prices has sparked a buying rally. Delta reported that last week was their best online sales week yet.
Now onto today's topic...
I've been a big fan of Morgan Freeman ever since I saw the Shawshank Redemption. Not too long ago, I went to see one of his films titled, "Along Came a Spider". It wasn't spectacular but then again, it wasn't bad. I enjoyed it and the popcorn was fresh.
Like many films that involve the Internet, email and streaming digital video, the technology was often overblown. What happens on the screen most likely wouldn't happen in real life, at least not over a 28.8 modem attached to AOL. This movie was full of that kind of stuff. Streaming video looked like HDTV, email had a graphic interface that was just spectacular, and kids were sending text messages back and forth encoded into GIF images.
Oh, wait. That last one's true.
It's a process called steganography and it's nothing overly difficult. In fact, there are numerous freeware and shareware programs out there that will help you to encode text or images into documents, images, or sounds. They're easy to find. I was successful by going to Shareware.com and Tucows.com and simply searching "Steganography". The choices were vast.
You'll find that the software tends to differ a great deal. Some will only encode into BMP. The one I have will encode to both BMP and GIF. Other programs will encode into sound files.
If this is new to you, you must be thinking the same thing I was thinking. There's no way the sound file would play if text were encoded into it. Well, you'd be wrong. It plays just fine. The only downfall of my program was that the BMP images that I encoded text files into looked a bit grainy.
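An added example, not part of the original newsletter and not the code of any program mentioned in it: it shows why a carrier file still plays or displays after text is hidden in it. It assumes least-significant-bit (LSB) embedding, one common technique; the function names and the carrier bytes are constructed for illustration.

```python
import struct

def embed(carrier: bytes, message: bytes) -> bytes:
    """Hide message in the lowest bit of each carrier byte (assumed LSB scheme)."""
    payload = struct.pack(">I", len(message)) + message  # 4-byte length prefix
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for this message")
    out = bytearray(carrier)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit  # only bit 0 of the sample changes
    return bytes(out)

def _read_bytes(stego: bytes, start: int, count: int) -> bytes:
    """Rebuild count bytes from the low bits beginning at sample index start."""
    if start + count * 8 > len(stego):
        raise ValueError("no valid hidden payload at this position")
    out = bytearray()
    for n in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[start + n * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def extract(stego: bytes) -> bytes:
    """Read the length prefix, then that many hidden bytes."""
    (length,) = struct.unpack(">I", _read_bytes(stego, 0, 4))
    return _read_bytes(stego, 32, length)

def max_change(original: bytes, modified: bytes) -> int:
    """Largest difference between any pair of corresponding samples."""
    return max(abs(a - b) for a, b in zip(original, modified))

# Constructed carrier standing in for 8-bit audio samples or pixel values.
CARRIER = bytes((i * 37 + 11) % 256 for i in range(1024))
SECRET = b"meet at noon"
STEGO = embed(CARRIER, SECRET)

if __name__ == "__main__":
    print("recovered:", extract(STEGO))
    print("largest change to any sample:", max_change(CARRIER, STEGO))
```

No sample moves by more than one step out of 256 and the file size is unchanged, which is why listening to or looking at the file reveals nothing and why a scanner has to analyze the data itself.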
I'm sure you can see why kids would dig this. Little Joey can email an image of Michael Jordan to his friend Billy. Billy's Mom sees the image and thinks all is OK. Only now, Billy runs the image through his un-encoder and there are the answers to tomorrow's test... or worse. I know what you were thinking!
Of course this is much more than a simple method of transferring data between kids. It can be used to cloak all kinds of data. And, in fact, it has.
There's now a belief that terrorist Osama bin Laden has been sending documents around the world hidden within pornographic images and MP3 files. That copy of Barry Manilow's "Copa Cabana" you grabbed from NAPSTER could have plans stuck way down deep inside. You simply wouldn't know by looking at it.
Let me go one step further if I might. If it is actually true that terrorists are doing this, shouldn't our government look for it with the intent to intercept it?
You have most likely heard of a program called, "Carnivore". According to the FBI, Carnivore was so named because it "chews" all of the data coming through a certain data network but only "eats" information allowed by court order. Basically, Carnivore is a wiretap used on the Internet. What's more, Carnivore is always at the very center of the privacy debate.
If it is true that terrorists are using steganography to transfer data around the Web, then I think you're going to start to hear a little more about Carnivore because, as far as I can see, it is our best bet to catch these embedded packets. The problem then is twofold.
Carnivore works through court order and thus deals only with "allowed" data. You may disagree, but let's stay with that thinking for a moment. Privacy advocates will have enough to be upset about by the end of this newsletter without bringing anything to the table.
Problem number one is that the mail from a terrorist group will not be labeled as such. I highly doubt you're going to find "BinLaden036@yahoo.com". That means that using Carnivore as a set wiretap will be difficult. It may happen that the FBI only knows that somewhere on a network, there may be a terrorist. Thus, all email will have to be searched.
Now problem number two. It's not the text of the email that's the problem any more. It's the attachment. Carnivore, if it isn't already, will have to be bettered to be able to look at attachments and "know" whether that attachment contains an embedded file. And! If Carnivore finds an embedded file, it will have to open it to read it.
Steganography is real and there's serious reason to believe that it is being used for very bad purposes. We have once again come full circle on the same basic question of privacy on the Web. If you have privacy, so does the person sending around terrorist documents. I think we can all agree that no one wants that.
New technology has once again opened a Pandora's box of privacy and legal issues, but it's the same old question. How much of your privacy are you willing to give up so that those searching for a terrorist have any opportunity at all?
That's That - Thanks for reading.
Joe Burns, Ph.D.
And Remember: How many licks does it take to get to the middle of a Tootsie Pop? It's more than three. Numerous experiments have been undertaken to find the answer. The average is 142. The data span was 75 to 200 licks. I'm not sure if 142 represented the mean or the median. I'm not sure how much I care either.